Category Archives: Design

Directing Ourselves Away From Directories

Well, after trying out several unsuccessful configurations aimed at managing my bookmarks, I’ve finally embraced that which is del.icio.us. It’s the only free solution that provides the mobility I’ve been looking for.

It’s taken me some time to get used to the whole “social” part of social bookmarking, but I think it’s finally grown on me. I’ve even managed to find several useful links on occasions when boredom drove me to browse the links posted by other users. The only major pain was importing and categorizing the 250+ links I had already amassed over the last few years, but on the positive side I did manage to weed out several that were broken and unused.

The ability to assign multiple categories to links is what really makes del.icio.us stand out for me. When I was still using a directory structure to categorize links, there were several times when I couldn’t decide whether a particular link belonged in one category or another. Inevitably, when I came back to look for it later, I would have to browse at least 3 different folders to find out which one I put it in.

I’ve found that I have this same problem with folders on my machine. I tend to be a file packrat, so there’s quite a bit of stuff in there. There are times when the limitations of the underlying Windows directory structure hinder my ability to organize my files. I haven’t tried the beta yet, but Windows Vista is supposed to provide a whole new level of file organization that circumvents the inherent limitations of directories. I’m not sure if that means you can assign multiple categories to files or not, but certainly any step in that direction would be useful indeed.

At any rate, you can scope out my most current bookmarks by going to del.icio.us/synthetik.

Error 0x00FC: Too Many Passwords

I’m really beginning to tire of keeping up with the 50 or so different usernames and passwords required to access the various web sites and software packages I use. It seems that every site nowadays requires a login to access even the most insignificant content. Sadly, services such as BugMeNot have provided little relief for this growing annoyance.

What complicates this problem is the advice given by the majority of online security specialists:

  • Never use the same username/password combination on more than one site.
  • Change your passwords often.
  • Make your passwords as complex as you can by adding numbers and symbols.
  • Never keep your usernames/passwords written on paper or a digital document.

Yeah.

So in order for me to protect myself as fully as possible, I need to keep track of 50+ different sets of obfuscated credentials for 50+ different sites without the luxury of writing them down anywhere, and then change them at least once a month!?

“So Kody,” you may ask, “why don’t you just use one of the many AutoFill tools freely available from various web browsers and toolbars?” My answer is simple: Lack of mobility. What happens when I am using a public terminal or a computer in a lab or at a friend’s house? By relying on AutoFill tools at home, my ability to remember my credentials while away from my computer would atrophy.

And what happens when I let someone else use my computer to look something up? I never check any of those boxes that say, “Always keep me logged in” or “Remember my password,” so why would I want AutoFill software to automatically insert my personal information into a web form regardless of the user? [See comments below for an explanation on why this was scratched. –km]

As more and more sites require verification, the deep wisdom of Microsoft’s Passport service is becoming all too clear. I’ll admit I was wary of Passport in the beginning, given all the privacy concerns of entrusting access to multiple websites to a single entity (especially when that entity is Microsoft). However, I am finding it more and more tempting to embrace such a service if it means that I don’t have to keep track of dozens of username/password combinations.

Unfortunately, even if I wanted to take advantage of Microsoft’s Passport, it’s not supported on 99% of the sites I would need it for. Even more unfortunate, no other comparable service exists. I’m starting to think that the web is in dire need of a universal credential service with the stigmas associated with Microsoft’s “we want to own everything” corporate image.

So how do intelligent people manage their login information without resorting to the practices of the overtly paranoid? Am I just missing something here? I know there are various password management services available online and for PDAs, but are they actually useful?

I don’t know. Maybe this is just another incentive to do away with usernames and passwords altogether in favor of biometric identification. All I know is that if things don’t improve soon, I may have to resort to shoving a few 1GB sticks of RAM up my nose and hope it’s compatible.

The Omnipresent EULA

If you’ve ever installed a program on your computer, you probably at some point had to agree to an exhaustive license agreement before you could begin the installation process. The End User License Agreement, or EULA, for short, is typically about ten printed pages worth of legalese squashed into a 3-inch square box.

I will be the first to admit that I have probably only read one (that of EverQuest, if I recall) of the license agreements of the plethora of software I’ve ever installed. God knows what I’ve agreed to by just blindly clicking, “Yes, I agree” and continuing on my merry way. I could have very well agreed to turn my residence into a halfway house for unemployed game developers. I would conjecture that very few others have even read the full text of a EULA, except this one guy who got $1,000 from a company because he actually read their license agreement.

This brings up an important consideration: How well can EULAs stand in court? I suppose technically they should be legally binding, since the user is technically supposed to read the agreement before clicking “I Agree.” It seems to me, though, that any judge with any sense at all could see that EULAs are specifically designed to confuse users. You almost wonder if software companies don’t want users to read their licensing agreements. *cough*spyware*cough* I certainly know I can’t afford to have a lawyer translate for me each time I wish to install software, and I doubt I’m alone in that respect.

Even more harrowing is an article posted on Slashdot a couple months ago about a gamer who purchased a used copy of Blizzard’s World of Warcraft, the current flavor of the year MMORPG. He found that he could not create his own account with that particular copy’s authentication key because the former owner already had – even though he canceled his account. To quote directly:

Note that section 3B in the EULA explicitly grants its users the ability to transfer the physical property and “all of your rights and obligations under the License Agreement”, presumably including the Authentication Key which is needed when creating a new account. What Blizzard expressly disallows is the transfer of accounts, according to Section 1E of their Terms of Use, which is not at issue here. Apparently, Blizzard is allowing each Authentication Key to be used only once, preventing anyone with a used copy of the game from creating a new account. Is Blizzard violating the terms of their own EULA?

I’m not certain what became of this, but it seemed to be quite an issue when Blizzard was throttling sales of the game because their servers were overburdened by the number of people already playing. It was nearly impossible to buy the game at retail, so a logical alternative would have been to buy a used copy from someone who already played the game and did not like it. It’s not like these people are stealing anything. They want to play the game, and they want to pay Blizzard the monthly fee to do it.

If you ask me, EULAs are getting out of hand.

“Secret” Questions

It seems that recently, most of the tech news sites are abuzz about how Paris Hilton’s cell phone got hacked into. At first, like most of the tech community, I found it amusing – nothing more. Now, however, speculation has surfaced that her password protection may have been circumvented through her “secret question,” allowing the hacker to reset her password and gain access to all kinds of… well… “sensitive” information.

The hacker didn’t even have to know her password; he simply guessed her secret question. This certainly puts into perspective how vulnerable those secret questions are to break-in attempts. Let us think for a moment of a few of the most common secret questions…

  • What is your mother’s maiden name?
  • In what city were you born?
  • What is your favorite pet’s name?

How hard is it to find the answers to these questions? For most of my friends, I already know their answers. They know I would never even consider exploiting that information, just as I trust they wouldn’t abuse mine. But how many people out there know your e-mail address AND your mother’s maiden name? They might as well just have your password as well.

Even if the hacker doesn’t know a victim personally, it’s amazing how many personal details are made freely available on the internet, usually published by the victims themselves through instant messenger profiles or personal websites. Just think, you visit a random personal website of someone and see this (Note: this is all completely fabricated out of my head, don’t think I actually copied this off someone’s site):

Hi, my name is Jennifer Soandso, and welcome to my website!

A LITTLE ABOUT ME:
I was born in Seattle, WA in 1984. I have green eyes, brown hair, and a black lab named Goober. He is the best dog ever! E-mail me at duranduranisthebestbandever@hotmail.com

Already, just from this little blurb, the target has given three pieces of information for hackers to exploit: Seattle, WA; Goober; and an e-mail address (commonly used as a login to many websites).

I already have a lot of personal details floating around out there, and thanks to the dynamics of the web, they’re not going to disappear. I don’t recall ever setting up secret questions at any websites I’ve registered with, but armed now with the knowledge of what a security risk they are, I think I’m going to look around and make sure that I don’t have a secret question set up somewhere that could easily be answered through a little web research.

___
On a completely unrelated note, I suppose I’ll share a link to another bizarre product from Amazon.com. Armed with this and the ladybugs, I suppose a man would become invincible.

Never-Ending Crunch Time

No, not that kind of never-ending Crunch, unfortunately. This post is about “crunch time,” the name given to the period of time when employees are expected, if not required, to work long hours to meet a deadline on a project that is behind schedule.

I mention it because there was a recent article published on LiveJournal by the spouse of an employee at renowned game studio Electronic Arts, calling out EA on their demanding labor practices. According to the article, EA employees are subjected to crunch times that never end until they either burn out and resign or move up the corporate ladder.

Apparently these work conditions are quite common throughout the game development industry, which is one of the primary reasons that I don’t have much interest in taking my programming skills to a game company. Admittedly, the development of application software requires massive crunch times as well, but overall they seem far less extreme than crunch times for game developers. I’ve seen it written many times by those in the industry: “If you want to write games, you’d better really have your heart in it.”

Studies have indicated that after 40 hours of work in any given week, the performance of most programmers degrades significantly. Tired, stressed out programmers tend to produce code with higher bug rates than normal. The time required to diagnose and repair problems from bug-laden code further taxes time constraints when struggling to meet a deadline – nullifying any “advantages” that might be gained from overworking programmers.

I caught an article (log in required) on Gamasutra which may yet give some hope to the industry. It’s about the practices of Blue Fang, a game development company that has already shipped two full games and two expansion packs, all while discouraging overtime. All it takes is competent management techniques, proper planning, and making employee morale a top priority.

Fun With Aggregators

I’m really starting to like what XML has done to the internet. I’ve been playing around with aggregators for the last month or so and I have to say I am really impressed with the convenience they offer. Instead of spending a great deal of time and effort pointing my browser to different websites to see if they’ve updated, all I have to do now is point my aggregator to their XML feeds and the updates come to me! It’s basically like having the articles e-mailed to me in a concise manner where I can then scan them and quickly decide whether I wish to read further.

My current aggregator of choice is SharpReader RSS Aggregator, which is built on the .NET Framework. It’s intuitive, unobtrusive, and most importantly, FREE!

It’s such a neat thing I even have KodyMyers.net’s XML feed in there – as if I actually need it to tell me when I update my own website. How pathetic is that?

Gmail… Up to the Hype?

Props to Brandon for the Gmail invite. I guess I now get to consider myself one of the elite few, though I find the whole thing blown way out of proportion. I can see how 1 GB of e-mail space can be appealing, but the resulting onslaught of sites such as gmail swap and Gmail Machine seems a little over-the-top.

I have to say, though, that I’m already quite fond of Gmail’s simple, quick-loading interface. Once I get a few messages in there, maybe I’ll be able to make use of some of the other features. There’s just so much hype surrounding it that I can’t help but remain skeptical.